CN112422510B - Data transmission method and system based on DMZ zone - Google Patents
- Publication number
- CN112422510B (CN202011139340.4A)
- Authority
- CN
- China
- Prior art keywords
- data
- enterprise
- exchange platform
- sharing exchange
- end processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a data transmission method and system based on a DMZ zone. The method comprises the following steps: in response to the front-end processor receiving a data acquisition task sent by a second enterprise, an application program of a first enterprise acquires source data based on the data acquisition standard in the data acquisition task and sends the source data to the data sharing exchange platform; the data sharing exchange platform of the first enterprise processes the source data based on the data acquisition standard, then encrypts it, and sends the encrypted data to the second enterprise through the front-end processor. Embodiments of the invention achieve network isolation through the network environment configuration of the DMZ zone, which protects the internal networks of enterprises; encrypt data with an encryption algorithm to ensure the security of data transmission; and transmit unstructured data in sub-packets to reduce the data volume of each transmission and ensure data transmission efficiency.
Description
Technical Field
The present invention relates to the field of data transmission technologies, and in particular, to a data transmission method and system based on a DMZ zone.
Background
Data sharing among enterprises has become a hot topic, and enterprises are gradually accepting the value that data brings. At present, enterprises generally implement network isolation by setting up an isolation zone (DMZ). How to transmit and share data between enterprises securely and effectively while still protecting each enterprise's internal network has become an important research direction.
Disclosure of Invention
The invention aims to solve, at least to a certain extent, the following technical problem:
when data inside an enterprise is transmitted, security is low and efficiency is not guaranteed.
In a first aspect, an embodiment of the present invention provides a data transmission method based on a DMZ zone, where each enterprise is correspondingly provided with an application program, a data sharing exchange platform, and a front-end processor, where the application program is used to manage internal data of the enterprise, each data sharing exchange platform is arranged in the respective DMZ zone of each enterprise, the front-end processors are all arranged in the same network environment, and the enterprises include at least a first enterprise and a second enterprise, and the method includes:
responding to a data acquisition task sent by a second enterprise and received by the front-end processor, an application program of a first enterprise acquires source data based on data acquisition standards in the data acquisition task and sends the source data to the data sharing exchange platform;
and the data sharing exchange platform of the first enterprise encrypts data after processing the source data based on the acquired data standard, and sends the encrypted data to the second enterprise through the front-end processor.
In some examples, the application of the first enterprise, in response to the front-end processor receiving the collected data task sent by the second enterprise, includes:
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the first enterprise data sharing exchange platform;
the data sharing exchange platform of the first enterprise decrypts the acquired data task to obtain the acquired data standard;
and the data sharing exchange platform of the first enterprise sends the collected data standard to the application program, so that the application program obtains source data according to the collected data standard.
In some examples, the source data includes structured data and unstructured data, and obtaining source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform includes:
and the application program of the first enterprise respectively acquires structured data and unstructured data according to the acquisition standard and respectively sends the structured data and the unstructured data to the data sharing exchange platform.
In some examples, the sending structured data and unstructured data, respectively, to the data exchange platform comprises:
and the application program of the first enterprise packages the structured data in a DB file database, packages and names the unstructured data according to a preset format, and sends the packaged data to a data exchange platform of the first enterprise.
In some examples, the data sharing exchange platform of the first enterprise performs data encryption after performing data processing on the source data based on the collected data standard, and sends the encrypted data to the second enterprise through the front-end processor, including:
and the data sharing exchange platform of the first enterprise extracts the source data based on the acquired data standard, packages and encrypts the extracted source data, and sends the encrypted data to the second enterprise through the front-end processor of the first enterprise.
In some examples, each enterprise's data sharing exchange platform has a respective symmetric key and asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
the data sharing exchange platform of the first enterprise encrypts data after processing the source data based on the collected data standard, and sends the encrypted data to the second enterprise through the front-end processor, including:
and the data exchange platform of the first enterprise encrypts the data with its own symmetric key, encrypts the symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the encrypted data and the encrypted symmetric key together, and sends the package to the second enterprise through the front-end processor.
In a second aspect, the present invention provides a data transmission method based on a DMZ zone, where each enterprise is correspondingly provided with an application program, a data sharing exchange platform, and a front-end processor, where the application program is used to manage internal data of the enterprise, each data sharing exchange platform is arranged in the respective DMZ zone of each enterprise, the front-end processors are all arranged in the same network environment, and the enterprises include at least a first enterprise and a second enterprise, and the method includes:
a data sharing exchange platform of a second enterprise generates a data acquisition task, and the data acquisition task is sent to a first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise;
and after the front-end processor of the second enterprise receives the encrypted data of the first enterprise, the encrypted data is decrypted by the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
In some examples, the data sharing exchange platform of the second enterprise generates a data collection task, and sends the data collection task to the first enterprise through the front-end processor, so that the first enterprise collects data based on the data collection task and sends the data to the second enterprise after encrypting, including:
the data sharing exchange platform of the second enterprise generates a data acquisition standard, and encrypts the data acquisition standard to obtain a data acquisition task;
and the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain a data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends the data to the second enterprise.
In some examples, each enterprise's data sharing exchange platform has a symmetric key and an asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task, including:
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data through a private key of the data sharing exchange platform of the second enterprise to obtain a symmetric key of the data sharing exchange platform of the first enterprise;
and the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data through the symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
In a third aspect, an embodiment of the present invention provides a data transmission system based on a DMZ zone, where each enterprise in the system is correspondingly provided with an application program, a data sharing exchange platform, and a front-end processor, where the application program is used to manage data inside the enterprise, each data sharing exchange platform is provided in the respective DMZ zone of each enterprise, the front-end processors are all provided in the same network environment, and the enterprises include at least a first enterprise and a second enterprise,
the application program of the first enterprise is used for responding to a data acquisition task received by the front-end processor and sent by a second enterprise, acquiring source data based on data acquisition standards in the data acquisition task, and sending the source data to the data sharing exchange platform;
the data sharing exchange platform of the first enterprise is used for carrying out data encryption after carrying out data processing on the source data based on the acquired data standard, and sending the encrypted data to the second enterprise through the front-end processor;
the second enterprise data sharing exchange platform is used for generating a data acquisition task and sending the data acquisition task to a first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise; and the front-end processor used for the second enterprise decrypts the encrypted data through the shared data exchange platform of the second enterprise after receiving the encrypted data of the first enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
With the data transmission method and system based on the DMZ zone, network isolation is achieved through the network environment configuration of the DMZ zone, which protects the internal network of the enterprise; data encryption with an encryption algorithm ensures the security of data transmission; and transmitting unstructured data in sub-packets reduces the data volume of each transmission and ensures data transmission efficiency.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic diagram of a DMZ-based data transmission system framework according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a data transmission method based on a DMZ zone according to an embodiment of the present invention;
fig. 3 is a schematic flow chart of another data transmission method based on DMZ zones according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an encryption process according to an embodiment of the present invention.
Detailed Description
In order to more clearly explain the overall concept of the present application, the following detailed description is given by way of example in conjunction with the accompanying drawings.
Fig. 1 is a schematic diagram of a data transmission system framework based on a DMZ zone according to an embodiment of the present invention, and as shown in fig. 1, the system includes a plurality of enterprises, each of which is provided with an application program, a data sharing exchange platform, and a front-end processor.
In particular, the application is used for managing data within an enterprise, and may be, for example, a business management system within the enterprise; each data sharing exchange platform is arranged in a respective DMZ zone of each enterprise; each front-end processor is arranged in the same network environment and can communicate with each other.
In some examples, the each enterprise includes at least a first enterprise and a second enterprise. In some specific application scenarios of the present invention, the second enterprise is a superior enterprise of the first enterprise.
Specifically, the application program of the first enterprise is used for responding to a data acquisition task sent by the second enterprise and received by the front-end processor, acquiring source data based on the data acquisition standard in the data acquisition task, and sending the source data to the data sharing exchange platform.
The data sharing exchange platform of the first enterprise is configured to process the source data based on the data acquisition standard, then encrypt it, and send the encrypted data to the second enterprise through the front-end processor.
The data sharing exchange platform of the second enterprise is used for generating a data acquisition task and sending it to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise. After the front-end processor of the second enterprise receives the encrypted data of the first enterprise, the data sharing exchange platform of the second enterprise decrypts it to obtain the data acquired by the second enterprise based on the data acquisition task.
The following describes a specific implementation and functions of the above system in the embodiment of the present invention with reference to fig. 2.
Fig. 2 is a schematic flow chart of a data transmission method based on a DMZ zone according to an embodiment of the present invention, as shown in fig. 2, the method includes:
S201, in response to a data acquisition task sent by a second enterprise and received by the front-end processor, an application program of a first enterprise acquires source data based on the data acquisition standard in the data acquisition task and sends the source data to a data sharing exchange platform.
S202, the data sharing exchange platform of the first enterprise processes the source data based on the data acquisition standard, then encrypts it, and sends the encrypted data to the second enterprise through the front-end processor.
In some preferred embodiments, the application of the first enterprise, in response to the front-end processor receiving the collected data task sent by the second enterprise, comprises:
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the first enterprise data sharing exchange platform;
the data sharing exchange platform of the first enterprise decrypts the acquired data task to obtain the acquired data standard;
and the data sharing exchange platform of the first enterprise sends the acquired data standard to the application program, so that the application program acquires source data according to the acquired data standard.
In some preferred embodiments, the source data includes structured data and unstructured data, and accordingly, the acquiring the source data based on the collected data standard in the collected data task and sending the source data to the data sharing exchange platform includes:
and the application program of the first enterprise respectively acquires structured data and unstructured data according to the acquisition standard and respectively sends the structured data and the unstructured data to the data sharing exchange platform.
Specifically, the application program of the first enterprise packages the structured data in a DB file database, packages and names the unstructured data according to a preset format, and sends the packaged data to the data exchange platform of the first enterprise, respectively.
In some embodiments, unstructured data larger than 50M is sent as a single zip package, unstructured data smaller than 50M is packed into a zip package, and the data is reported one zip package at a time.
In some embodiments, the unstructured-data zip packages are named uniformly, and the naming format can be: unified social credit code_service code_version number_timestamp_uuid.
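A receiving platform can treat package names from a peer as untrusted input and parse them strictly against this format before unpacking anything; the following added Go example (not part of the patent) does so. The field character sets, the `yyyyMMddHHmmss` timestamp layout, the `.zip` suffix and the `AcceptFrom` policy are assumptions, and the sample names are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// PackageName holds the five underscore-separated fields of a package name.
type PackageName struct {
	CreditCode  string
	ServiceCode string
	Version     string
	Timestamp   time.Time
	UUID        string
}

var (
	// Unified social credit codes are 18 characters; the check character is not verified here.
	creditCodeRe = regexp.MustCompile(`^[0-9A-Z]{18}$`)
	// Assumed formats: the page does not define these fields any further.
	serviceCodeRe = regexp.MustCompile(`^[A-Za-z0-9]{1,32}$`)
	versionRe     = regexp.MustCompile(`^[0-9]+(\.[0-9]+){0,3}$`)
	uuidRe        = regexp.MustCompile(`^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)
)

const timestampLayout = "20060102150405" // assumed yyyyMMddHHmmss

// ParseName validates a received file name and returns its fields.
// Anything that is not exactly the expected shape is rejected.
func ParseName(name string) (PackageName, error) {
	var p PackageName
	if strings.ContainsAny(name, "/\\\x00") {
		return p, errors.New("path characters in package name")
	}
	if !strings.HasSuffix(name, ".zip") {
		return p, errors.New("not a .zip package")
	}
	f := strings.Split(strings.TrimSuffix(name, ".zip"), "_")
	if len(f) != 5 {
		return p, fmt.Errorf("expected 5 fields, got %d", len(f))
	}
	ts, err := time.Parse(timestampLayout, f[3])
	switch {
	case !creditCodeRe.MatchString(f[0]):
		return p, errors.New("bad unified social credit code")
	case !serviceCodeRe.MatchString(f[1]):
		return p, errors.New("bad service code")
	case !versionRe.MatchString(f[2]):
		return p, errors.New("bad version number")
	case err != nil:
		return p, errors.New("bad timestamp")
	case !uuidRe.MatchString(f[4]):
		return p, errors.New("bad uuid")
	}
	return PackageName{f[0], f[1], f[2], ts, f[4]}, nil
}

// AcceptFrom additionally requires the name to carry the credit code of the
// enterprise the package was actually received from (hypothetical policy).
func AcceptFrom(name, peerCreditCode string) (PackageName, error) {
	p, err := ParseName(name)
	if err != nil {
		return p, err
	}
	if p.CreditCode != peerCreditCode {
		return p, errors.New("credit code does not match sending enterprise")
	}
	return p, nil
}

func main() {
	// Constructed sample names, not taken from the patent.
	names := []string{
		"91370100MA3C0EXMPL_SVC01_1.0_20201022093000_123e4567-e89b-12d3-a456-426614174000.zip",
		"../91370100MA3C0EXMPL_SVC01_1.0_20201022093000_123e4567-e89b-12d3-a456-426614174000.zip",
		"91370100MA3C0EXMPL_SVC01_1.0_20201322093000_123e4567-e89b-12d3-a456-426614174000.zip",
	}
	for _, n := range names {
		p, err := AcceptFrom(n, "91370100MA3C0EXMPL")
		fmt.Printf("%-6v %s\n", err == nil, p.UUID)
	}
}
```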
In some embodiments, each enterprise's data sharing exchange platform has a respective symmetric key and asymmetric key pair, the asymmetric key pair comprising a public key and a private key.
Correspondingly, the data sharing exchange platform of the first enterprise encrypts the data after performing data processing on the source data based on the acquired data standard, and sends the encrypted data to the second enterprise through the front-end processor, including:
the data exchange platform of the first enterprise encrypts the data with its own symmetric key, encrypts the symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the encrypted data and the encrypted symmetric key together, and sends the package to the second enterprise through the front-end processor.
Fig. 3 is a schematic flow chart of another data transmission method based on DMZ zones according to an embodiment of the present invention, as shown in fig. 3, the method includes:
S301, a data sharing exchange platform of a second enterprise generates a data acquisition task, and sends the data acquisition task to a first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the data to the second enterprise;
S302, after the front-end processor of the second enterprise receives the encrypted data of the first enterprise, the encrypted data is decrypted by the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
In some examples, the data sharing exchange platform of the second enterprise generates a data collection task, and sends the data collection task to the first enterprise through the front-end processor, so that the first enterprise collects data based on the data collection task and sends the data to the second enterprise after encrypting, including:
the data sharing exchange platform of the second enterprise generates a data acquisition standard, and encrypts the data acquisition standard to obtain a data acquisition task;
and the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain a data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends the data to the second enterprise.
The data sharing exchange platform of each enterprise is provided with a symmetric key and an asymmetric key pair, wherein the asymmetric key pair comprises a public key and a private key;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task, and the method comprises the following steps:
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data through a private key of the second enterprise to obtain a symmetric key of the data sharing exchange platform of the first enterprise;
and the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data through the symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
Fig. 4 is a schematic diagram of an encryption process provided in an embodiment of the present invention. As shown in fig. 4, in an actual application process, the data sharing exchange platform of each enterprise generates a symmetric key (SM4 key file) by itself, receives the public key (SM2 public key) sent by the second enterprise, encrypts the source data with the symmetric key, encrypts the symmetric key with the public key, and then sends the encrypted source data to other enterprises.
It will be appreciated that, in embodiments of the present invention, the encryption process may be applied to any phase of communication between enterprises, such as the phase in which the second enterprise sends the data acquisition task to the first enterprise, or the phase in which the first enterprise sends the collected data to the second enterprise.
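The wrap-and-unwrap flow described above, as an added Go example that is not code from the patent: Go's standard library has no SM2 or SM4, so RSA-OAEP stands in for SM2 and AES-GCM for SM4, with the same envelope structure. The `taskID` binding, the fresh key per package and all names are assumptions; the page does not specify a cipher mode, and an authenticated one is used here so that modification in transit is detected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the jointly packaged message passed through the front-end processor.
type Envelope struct {
	WrappedKey []byte // "first data": symmetric key encrypted to the receiver's public key
	Nonce      []byte // per-message GCM nonce (not secret)
	Ciphertext []byte // "second data": payload encrypted under the symmetric key
}

// NewReceiverKey generates a key pair for the receiving platform (demo only).
func NewReceiverKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal runs on the sending platform. taskID (hypothetical) is bound into both
// layers so an envelope cannot be replayed under a different acquisition task.
func Seal(receiverPub *rsa.PublicKey, taskID string, payload []byte) (*Envelope, error) {
	key := make([]byte, 32) // fresh symmetric key per package (assumption)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, key, []byte(taskID))
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, payload, []byte(taskID)),
	}, nil
}

// Open runs on the receiving platform: unwrap the symmetric key with the
// private key, then decrypt and authenticate the payload with it.
func Open(receiverPriv *rsa.PrivateKey, taskID string, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, []byte(taskID))
	if err != nil {
		return nil, errors.New("envelope: key unwrap failed")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() { // gcm.Open panics on a wrong-size nonce
		return nil, errors.New("envelope: bad nonce length")
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(taskID))
	if err != nil {
		return nil, errors.New("envelope: payload failed authentication")
	}
	return payload, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := NewReceiverKey()
	if err != nil {
		panic(err)
	}
	env, err := Seal(&priv.PublicKey, "task-001", []byte("constructed sample package"))
	if err != nil {
		panic(err)
	}
	out, err := Open(priv, "task-001", env)
	fmt.Printf("opened: %q err=%v\n", out, err)
	env.Ciphertext[0] ^= 0x01 // simulate modification in transit
	_, err = Open(priv, "task-001", env)
	fmt.Println("after modification:", err)
}
```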
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the application.
Claims (4)
1. A data transmission method based on DMZ zone is characterized in that each enterprise is correspondingly provided with an application program, a data sharing exchange platform and a front-end processor, wherein the application program is used for managing data in the enterprise, each data sharing exchange platform is arranged in the DMZ zone of each enterprise, each front-end processor is arranged in the same network environment, each enterprise at least comprises a first enterprise and a second enterprise, and the method comprises the following steps:
responding to a data acquisition task sent by a second enterprise and received by the front-end processor, an application program of a first enterprise acquires source data based on data acquisition standards in the data acquisition task and sends the source data to the data sharing exchange platform;
the data sharing exchange platform of the first enterprise encrypts the source data after processing the source data based on the acquired data standard, and sends the encrypted data to the second enterprise through the front-end processor;
the application program of the first enterprise responds to the front-end processor receiving the collection data task sent by the second enterprise, and comprises the following steps:
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the first enterprise data sharing exchange platform;
the data sharing exchange platform of the first enterprise decrypts the acquired data task to obtain the acquired data standard;
the data sharing exchange platform of the first enterprise sends the acquired data standard to the application program, so that the application program obtains source data according to the acquired data standard;
the source data includes structured data and unstructured data, the source data is obtained based on the collected data standard in the collected data task, and the source data is sent to the data sharing exchange platform, including:
the application program of the first enterprise respectively acquires structured data and unstructured data according to the acquired data standard and respectively sends the structured data and the unstructured data to the data sharing exchange platform;
the application program of the first enterprise packages the structured data in a DB file database, packages and names the unstructured data according to a preset format, and sends the packaged data to a data exchange platform of the first enterprise;
packing the unstructured data in a form of a single data packet under the condition that the size of the unstructured data is larger than a preset value;
packing the unstructured data into an unstructured data packet under the condition that the size of the unstructured data is smaller than the preset value;
the data sharing exchange platform of the first enterprise encrypts data after processing the source data based on the collected data standard, and sends the encrypted data to the second enterprise through the front-end processor, including:
and the data exchange platform of the first enterprise encrypts the data through a symmetric key of the data exchange platform of the first enterprise, encrypts the symmetric key through a public key of the data sharing exchange platform of the second enterprise, and packages the encrypted data together and then sends the packaged data to the second enterprise through the front-end processor.
2. The method of claim 1, wherein the data sharing exchange platform of the first enterprise performs data encryption after performing data processing on the source data based on the collected data standard, and sends the encrypted data to the second enterprise through the front-end processor, comprising:
and the data sharing exchange platform of the first enterprise extracts the source data based on the acquired data standard, packages and encrypts the extracted source data, and sends the encrypted data to the second enterprise through the front-end processor of the first enterprise.
3. A data transmission method based on DMZ zone is characterized in that each enterprise is correspondingly provided with an application program, a data sharing exchange platform and a front-end processor, wherein the application program is used for managing data inside the enterprise, each data sharing exchange platform is arranged in the respective DMZ zone of each enterprise, each front-end processor is arranged in the same network environment, each enterprise at least comprises a first enterprise and a second enterprise, and the method comprises the following steps:
a data sharing exchange platform of a second enterprise generates a data acquisition task, and the data acquisition task is sent to a first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task;
the data sharing exchange platform of the second enterprise generates a data acquisition task, and sends the data acquisition task to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task and sends the data to the second enterprise after encryption, and the method comprises the following steps:
the data sharing exchange platform of the second enterprise generates a data acquisition standard, and encrypts the data acquisition standard to obtain a data acquisition task;
the front-end processor of the second enterprise sends the data acquisition task to a first enterprise, so that the first enterprise decrypts the data acquisition task to obtain a data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends the data to the second enterprise;
the data acquisition task is used for acquiring source data, and the source data comprises structured data and unstructured data;
the first enterprise acquiring source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform comprises the following steps:
respectively acquiring structured data and unstructured data according to the acquisition standard through an application program of the first enterprise, and respectively sending the structured data and the unstructured data to the data sharing exchange platform;
the structured data are placed into a DB file database for packaging through an application program of the first enterprise, the unstructured data are packaged and named according to a preset format, and the packaged data are sent to a data exchange platform of the first enterprise;
packing the unstructured data in a form of a single data packet under the condition that the size of the unstructured data is larger than a preset value;
packing the unstructured data into an unstructured data packet under the condition that the size of the unstructured data is smaller than the preset value;
the data sharing exchange platform of each enterprise is provided with a symmetric key and an asymmetric key pair, wherein the asymmetric key pair comprises a public key and a private key;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task, including:
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data through a private key of the second enterprise to obtain a symmetric key of the data sharing exchange platform of the first enterprise;
and the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data through the symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
4. A data transmission system based on DMZ zone is characterized in that each enterprise in the system is correspondingly provided with an application program, a data sharing exchange platform and a front-end processor, wherein the application program is used for managing data in the enterprise, each data sharing exchange platform is arranged in the DMZ zone of each enterprise, each front-end processor is arranged in the same network environment, each enterprise at least comprises a first enterprise and a second enterprise, wherein,
the application program of the first enterprise is used for responding to a data acquisition task received by the front-end processor and sent by a second enterprise, acquiring source data based on data acquisition standards in the data acquisition task, and sending the source data to the data sharing exchange platform;
the data sharing exchange platform of the first enterprise is used for performing data processing on the source data based on the data acquisition standard, encrypting the data, and sending the encrypted data to the second enterprise through the front-end processor;
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the data sharing exchange platform of the first enterprise;
the data sharing exchange platform of the first enterprise decrypts the data acquisition task to obtain the data acquisition standard;
the data sharing exchange platform of the first enterprise sends the data acquisition standard to the application program, so that the application program obtains source data according to the data acquisition standard; the source data comprises structured data and unstructured data;
the application program of the first enterprise acquires structured data and unstructured data separately according to the data acquisition standard and sends each to the data sharing exchange platform;
the application program of the first enterprise packages the structured data in a DB file database, packages and names the unstructured data according to a preset format, and sends the packaged data to a data exchange platform of the first enterprise;
packing the unstructured data in a form of a single data packet under the condition that the size of the unstructured data is larger than a preset value;
packing the unstructured data into an unstructured data packet under the condition that the size of the unstructured data is smaller than the preset value;
the data exchange platform of the first enterprise encrypts the data with the symmetric key of the data exchange platform of the first enterprise, encrypts the symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the encrypted data and the encrypted symmetric key together, and sends the package to the second enterprise through the front-end processor;
the data sharing exchange platform of the second enterprise is used for generating a data acquisition task and sending the data acquisition task to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise; after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task;
the data sharing exchange platform of the second enterprise generates a data acquisition standard, and encrypts the data acquisition standard to obtain a data acquisition task;
the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain a data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends the data to the second enterprise;
the data sharing exchange platform of each enterprise is provided with a symmetric key and an asymmetric key pair, wherein the asymmetric key pair comprises a public key and a private key;
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data through a private key of the second enterprise to obtain a symmetric key of the data sharing exchange platform of the first enterprise;
and the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data through the symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
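The packaging step of claims 1 and 4 and the two-step decryption of claims 3 and 4, shown as an added example that is not code from the patent. The claims name no algorithms or package layout, so AES-256-GCM, RSA-OAEP with SHA-256, a fresh symmetric key per transfer, the byte layout and the function names `newPlatformKeyPair`, `sealPackage` and `openPackage` are all assumptions of this example.

```javascript
// Added example, not code from the patent. Algorithms are assumptions:
// the claims name none, so AES-256-GCM and RSA-OAEP (SHA-256) are used here.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const IV_LEN = 12, TAG_LEN = 16;

// Asymmetric key pair held by one enterprise's data sharing exchange platform.
function newPlatformKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side (first enterprise): encrypt the packed data with a symmetric key,
// wrap that key with the receiver's public key, and package both together.
// Hypothetical layout: [2-byte wrapped-key length][wrapped key][iv][tag][ciphertext]
function sealPackage(packedData, receiverPublicKey) {
  const key = crypto.randomBytes(32); // fresh key per transfer (assumption)
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(packedData), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, key);
  const len = Buffer.alloc(2);
  len.writeUInt16BE(wrappedKey.length);
  return Buffer.concat([len, wrappedKey, iv, cipher.getAuthTag(), body]);
}

// Receiver side (second enterprise): the "first data" yields the symmetric key,
// which then decrypts the "second data". Throws on a wrong key or any tampering.
function openPackage(pkg, receiverPrivateKey) {
  if (pkg.length < 2) throw new Error('package too short');
  const keyEnd = 2 + pkg.readUInt16BE(0);
  if (pkg.length < keyEnd + IV_LEN + TAG_LEN) throw new Error('package truncated');
  const wrappedKey = pkg.subarray(2, keyEnd);
  const iv = pkg.subarray(keyEnd, keyEnd + IV_LEN);
  const tag = pkg.subarray(keyEnd + IV_LEN, keyEnd + IV_LEN + TAG_LEN);
  const body = pkg.subarray(keyEnd + IV_LEN + TAG_LEN);
  const key = crypto.privateDecrypt({ key: receiverPrivateKey, ...OAEP }, wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}
```

The claims specify confidentiality only; the authenticated mode used here additionally makes the receiver reject a package that was modified in transit through the front-end processors.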
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011139340.4A CN112422510B (en) | 2020-10-22 | 2020-10-22 | Data transmission method and system based on DMZ zone |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112422510A (en) | 2021-02-26 |
CN112422510B (en) | 2023-01-20 |
Family
ID=74840472
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011139340.4A Active CN112422510B (en) | 2020-10-22 | 2020-10-22 | Data transmission method and system based on DMZ zone |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112422510B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20230307. Address after: 250101 Inspur science and Technology Park, 1036 Inspur Road, hi tech Zone, Jinan City, Shandong Province. Patentee after: Inspur Genersoft Co.,Ltd. Address before: 250101 Inspur science and Technology Park, 1036 Inspur Road, hi tech Zone, Jinan City, Shandong Province. Patentee before: SHANDONG INSPUR GENESOFT INFORMATION TECHNOLOGY Co.,Ltd. |